I have had this Trojan hiding in my laptop for the better part of 3 months now.

Windows Defender detects it whenever it tries to do something, and this generally happens only when I start a new Firefox session or a new Internet Explorer session.

Windows Defender then detects it and quarantines it. You can see it in the attached picture.

After I instruct Windows Defender to remove it, Windows Defender deletes it, and after making sure I update the signatures on Windows Defender, I do a complete hard disk scan and it finds nothing. Then everything seems to be OK for a few days, and then when I start a new Firefox session or a new Internet Explorer session, the Trojan is detected and quarantined by Windows Defender again.

I have also bought the pro version of Malwarebytes but its complete and full scan reveals no such Trojan.

Likewise, I have run Hitman Pro and it also finds no such Trojan.

Yet it keeps resurfacing and being stopped by Windows Defender but somehow not being completely removed when it is deleted.

The next thing I did was to apply the Windows 8.1 update in the hope that it would somehow rid my laptop of this Trojan.

No such luck.

Short of a completely fresh install of Windows 8.1 on my laptop, does anyone know of a solution?

I have an additional identical ASUS laptop (call it Laptop A) that also came pre-installed with Windows. This one is not infected.

Just wondering if you know whether, if I create an installation recovery disk from Laptop A, it will do a correct fresh install on my infected laptop (Laptop B), since I assume the Windows activation process checks for some hardware identifier on Laptop B which has already been licensed on their Windows activation server.

The lesson learned is that I should have created a recovery disk when I bought Laptop B before anything like that happened.

From Zatiac "Thanks for the response but I got it solved, I reset internet explorer and uninstalled java....that got all traces of the dropper off my laptop I suspect the dropper is how the fbi moneypacks ransom got on my laptop as well. "

I'm right now scanning with Sophos Virus Removal Tool overnight to see if it detects anything.

Then I may try Zatiac's "solution" and test it out to see if the solution "works".

I may still go for the "Nuclear method".

I rang up Asus and they took me through the process of Rebooting and Reinstalling the Windows 8 OS from the hidden partition to reset everything to as per factory.

They told me I cannot Recreate the Recovery disk from another identical Laptop as it would have a different Windows 8 key.

They advised that a factory type Reset by Reinstalling and formatting is the surest method to ensure that the virus is removed, although it takes several hours because essentially, it reformats and recreates the partitions.

Naturally this is the sure-fire, though time-consuming, way.

But it's also an excuse for me to refresh everything, make the laptop run a bit faster (hopefully) and probably junk a lot of useless stuff on my laptop.

I'm of course a little bit concerned if some of the software that requires activation will reactivate properly. But they probably should since I'm not changing any hardware.

But in the process, I thought I may as well test out a couple of these suggested Virus Removal Tools in this thread first. I wouldn't be surprised if they found nothing. Sigh!

While I'm on this subject, I might as well mention that in future, before I access some new sites or install some programs, I'll make better use of www.virustotal.com, whether to check out a URL or an exe first, besides using Malwarebytes and Hitman Pro.

An ounce of prevention is worth a megaton of going Nuclear to clean up a laptop.

This process is going to proceed rather slowly, but if I come across any further useful lessons, I'll certainly post on this thread.

From Zatiac "Thanks for the response but I got it solved, I reset internet explorer and uninstalled java....that got all traces of the dropper off my laptop I suspect the dropper is how the fbi moneypacks ransom got on my laptop as well. "

That was something similar to what I cleaned off a laptop this summer, but that was with the help of the German-language www.trojaner-board.de (thread link). They got me to scan with a whole bunch of apps:

1) AV (Avira was on the machine)
2) Malwarebytes
3) Oldtimer (think a German lang. only app, comparable to "Hijackthis"), which was also later used to erase some files when rebooting
4) Malwarebytes AntiRootkit
5) AdwCleaner
6) Emsisoft Anti-Malware
7) a "Windows repair tool" they had created themselves
8) ESET Online Scanner

Scans 1, 2, and 3 found files related to the trojan.

The Oldtimer scan found a *.js file and a *.pad file in Program Data

Other files were found in:
Users\[USER NAME]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\
Users\[USER NAME]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\
(I presume the 6.0 above was the Java version number)
Users\[USER NAME]\AppData\Local\Temp\
Users\[USER NAME]\
and a shortcut in the Startup Menu:
Users\[USER NAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
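The locations listed in the post above (Java Deployment cache, Temp, the profile root, ProgramData, and the Start Menu Startup folder) are the usual drop and persistence spots for a Java-cache dropper, so a repeatable inventory of them is worth having. The script below is an added example, not a tool the poster or trojaner-board used: it walks those directories (paths built from the standard Windows environment variables, which is an assumption about the layout, not something the post states), records size, modification time and SHA-256 for each file, and flags the extensions the post found (.js, .pad, the .lnk shortcut) plus common executable types. The hash lets you look a file up rather than upload it. On a non-Windows machine the default paths do not exist and are simply skipped; the function also accepts explicit directories.

```python
"""Inventory of the drop and persistence locations named in the post.

Added example; not from the thread's poster or from any tool named there.
"""
import hashlib
import os
from pathlib import Path
import time

# Locations from the post, rewritten with Windows environment variables
# (assumed layout). (path, recurse): the profile root and ProgramData are
# listed one level deep only, since walking them fully buries the signal.
DEFAULT_LOCATIONS = [
    (r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup", True),
    (r"%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\cache", True),
    (r"%LOCALAPPDATA%\Temp", True),
    (r"%USERPROFILE%", False),
    (r"%ProgramData%", False),
]

# Extensions worth a second look in these folders: the post found *.js, *.pad
# and a Startup shortcut; the rest are common dropper payload types.
FLAGGED_SUFFIXES = {".js", ".pad", ".lnk", ".exe", ".dll", ".jar",
                    ".vbs", ".bat", ".cmd", ".scr"}


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def iter_files(root, recurse):
    """Yield regular files under root, recursively or one level deep."""
    root = Path(root)
    entries = root.rglob("*") if recurse else root.iterdir()
    for entry in entries:
        if entry.is_file():
            yield entry


def triage(locations=None):
    """Return one record per file found; missing dirs and unreadable files are skipped."""
    records = []
    for raw, recurse in (locations or DEFAULT_LOCATIONS):
        root = Path(os.path.expandvars(raw))
        if not root.is_dir():
            continue  # e.g. LocalLow\Sun\Java is gone once Java is uninstalled
        for path in iter_files(root, recurse):
            try:
                stat = path.stat()
                digest = sha256_of_file(path)
            except OSError:
                continue  # locked or permission-denied: noted by omission
            records.append({
                "path": str(path),
                "size": stat.st_size,
                "mtime": time.strftime("%Y-%m-%d %H:%M:%S",
                                       time.localtime(stat.st_mtime)),
                "sha256": digest,
                "flagged": path.suffix.lower() in FLAGGED_SUFFIXES,
            })
    # Flagged files first so the report leads with what deserves a look.
    records.sort(key=lambda rec: (not rec["flagged"], rec["path"]))
    return records


def main():
    for rec in triage():
        marker = "!" if rec["flagged"] else " "
        print(f"{marker} {rec['mtime']} {rec['size']:>10} "
              f"{rec['sha256']} {rec['path']}")


if __name__ == "__main__":
    main()
```

Run it before and after a cleanup and diff the two reports: a file that reappears in the Startup folder or the Java cache between runs, with the same hash, is exactly the kind of recurring drop the original poster describes.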

Might be really cool to do a collaborative antimalware info resource for the community here. There's enough of us at DC that either regularly need to deal with this for clients, or are individuals with some serious real world experiences gained from fixing their own PCs. The DC hive mind should have a lot of good vetted info and tips to share in a more organized manner than just random forum postings.

Ideally it would be a small wiki since it would need to be editable and expandable without it becoming a three mile long thread with dozens of unlinked posts, many of which will become outdated fairly rapidly.

I wanted to make a DC-approved list of software for keeping the computer secure, using as many freeware tools as possible. No BS, no marketing hype...just specific software and the specific type of protection it is the best for.

Including your OS if you don't know what you're doing, or get a little too careless when attempting to fix things CF reports but doesn't handle automatically.

Hence the reference to "if you're going to re-install you might as well"

Yes, but here's the "fun" part. Many (read: most/all) of the off-the-shelf machines that don't come with install media and use a recovery partition also use a highly proprietary boot sector that provides the "press hotkey X" to get to brand X's recovery partition. This means that anything that does any cleaning of said boot sector has a high probability of frying said functionality right off the disk. ...Yes...I see this happen a lot.

So like 40hz, I too have seen ComboFix torch a machine (from a consumer's perspective) in the process of cleaning it many times. Scratch-building the boot sector isn't the slightest bit fun on these new OSes because it has gotten a hell of a lot more complicated since the good old SYS C: days.

I had to do a production server transplant not too long ago from one MB with an SSD to a second MB with RAID1. It got done...but it took quite a bit longer than the initial estimate.

I should add for the benefit of others that uninstalling Java did not remove the persistent virus.

1. You kind of obliterate everything and it's great to start afresh again, sort of. I looked through what I had previously installed and really, some of those I don't really use, so I did some spring cleaning as well. The process is painfully slow, partly because I'm also taking my time. But the laptop seems to run faster.

2. I decided, just as a matter of practice, to exercise much greater caution when installing programs. Whenever possible, I upload each exe (limitation of 64 MB) to www.virustotal.com, or at least scan the URL of the website before I download.

Better an ounce of caution than to have to go Nuclear again.

I wish there was a way of automating the process a bit more, like right-clicking a URL and sending the URL to be scanned at www.virustotal.com, or a way for me to right-click a file and send the exe to be scanned at www.virustotal.com.

3. Started wondering about a disk imaging solution. Used to use Ghost on XP.

Any suggestion of a reliable free imaging solution that works well with Windows 8?

4. Right now, for anti-virus, I use Windows Defender, Malwarebytes and also Web Of Trust (WOT - addin for Firefox).

Just wondering if I should add any more armor besides being much more cautious about where I surf and what I click on. Any suggestions, apart from disconnecting myself from the internet?
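Points 2 and the "right-click and send it to VirusTotal" wish above can be covered without the 64 MB upload limit, because VirusTotal keys its file reports on the SHA-256 of the file and its URL reports on an encoded form of the URL: hashing locally and asking for the existing report means nothing of yours has to leave the machine unless the hash is unknown. The script below is an added example written for this thread, not a VirusTotal or DonationCoder tool. It hashes a file or encodes a URL, builds the report link, and only if the environment variable VT_API_KEY is set (a name chosen here, not a VirusTotal convention) queries the public v3 API and reduces the engine counts to a verdict; the threshold in classify() is a working assumption, since a single engine hit is often noise.

```python
"""Look a file or URL up on VirusTotal by hash rather than uploading it.

Added example for the thread; not VirusTotal's own client.
"""
import base64
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_API = "https://www.virustotal.com/api/v3"
VT_GUI = "https://www.virustotal.com/gui"


def file_sha256(path):
    """SHA-256 of the file on disk; VirusTotal keys file reports on this hash."""
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()


def url_id(url):
    """VirusTotal v3 URL identifier: unpadded URL-safe base64 of the URL."""
    return base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii").rstrip("=")


def report_link(kind, value):
    """Browser link to the report: /file/<sha256> or /url/<sha256 of the URL>."""
    if kind == "file":
        return f"{VT_GUI}/file/{value}"
    return f"{VT_GUI}/url/{hashlib.sha256(value.encode('utf-8')).hexdigest()}"


def classify(stats, threshold=3):
    """Reduce last_analysis_stats to a verdict (thresholds are an assumption).

    One engine flagging something is common noise, so 'malicious' needs at
    least `threshold` engines agreeing; anything in between is 'suspicious'.
    """
    hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if hits >= threshold:
        return "malicious"
    if hits > 0:
        return "suspicious"
    if stats.get("undetected", 0) + stats.get("harmless", 0) == 0:
        return "unknown"
    return "clean"


def fetch_report(kind, identifier, api_key):
    """GET /files/{sha256} or /urls/{id}; None when VirusTotal has never seen it."""
    request = urllib.request.Request(f"{VT_API}/{kind}s/{identifier}",
                                     headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def lookup(target, api_key=None):
    """Hash a file or encode a URL, then report; no network without an API key."""
    if os.path.isfile(target):
        kind, ident = "file", file_sha256(target)
        link = report_link("file", ident)
    else:
        kind, ident = "url", url_id(target)
        link = report_link("url", target)
    result = {"kind": kind, "id": ident, "link": link, "verdict": "not queried"}
    if api_key:
        report = fetch_report(kind, ident, api_key)
        if report is None:
            result["verdict"] = "unknown"  # never seen: decide whether to upload
        else:
            stats = report["data"]["attributes"].get("last_analysis_stats", {})
            result["verdict"] = classify(stats)
    return result


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        info = lookup(arg, os.environ.get("VT_API_KEY"))
        print(f"{info['verdict']:>11}  {info['link']}  ({arg})")
```

For the right-click part: Explorer's "Send to" menu is populated from the shortcuts in %APPDATA%\Microsoft\Windows\SendTo, and it passes the selected file's path as an argument to the shortcut's target, so a shortcut there pointing at this script gives a one-click hash lookup for any exe before it is run. An "unknown" verdict means VirusTotal has no report for that hash yet, which is when a manual upload of a small file is worth doing.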